CVE-2026-44112

Published: Mag 06, 2026 Last Modified: Mag 06, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: high

Availability: none

Description

AI Translation Available

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.

367

Time-of-check Time-of-use (TOCTOU) Race Condition

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Other Non-Repudiation

Potential Impacts:

Alter Execution Logic Unexpected State Modify Application Data Modify Files Or Directories Modify Memory Other Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://github.com/openclaw/openclaw/commit/7be82d4fd1193bc…

https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj

https://www.vulncheck.com/advisories/openclaw-symlink-swap-…

https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-op…

CVE-2026-44112

Description

Time-of-check Time-of-use (TOCTOU) Race Condition

Common Consequences

Applicable Platforms

Iscriviti alla newsletter